Generate a strong password

Cryptographically secure. Fully customizable. Runs entirely in your browser.

Click generate to create a password

Strength

None0 bits

Estimated crack time:—

Customize

Password Length

4Quick presets:128

Characters

🔤

Uppercase

A-Z

🔡

Lowercase

a-z

🔢

Numbers

0-9

🔣

Symbols

!@#$%

Advanced

Exclude Ambiguous

Remove 0, O, l, 1, I

Exclude Characters

Password Stats

Length0 chars

Entropy0 bits

StrengthNone

Crack time—

Bulk Generate

What is PassCraft?

PassCraft is a free, browser-based password generator that creates cryptographically secure random passwords instantly. Using the Web Crypto API (crypto.getRandomValues), PassCraft generates passwords that are truly random — not pseudo-random like Math.random(). Your passwords are generated entirely on your device and never sent to any server.

Why Use a Password Generator?

Human-created passwords are predictable. People reuse passwords, use dictionary words, add numbers at the end, and follow predictable patterns that attackers exploit. A strong, randomly generated password with sufficient length and character diversity is exponentially harder to crack than any password a human would naturally create.

How Strong Should My Password Be?

At minimum 12 characters with mixed character types for personal accounts
16+ characters for important accounts like email, banking, and work
20+ characters for master passwords and high-security applications
Use a unique password for every account — never reuse passwords
Store passwords in a reputable password manager

What is Password Entropy?

Password entropy measures how unpredictable a password is, expressed in bits. Higher entropy means more possible combinations an attacker would need to try. A password with 60 bits of entropy would take centuries to crack with modern hardware. PassCraft shows you the entropy of each generated password so you can make informed decisions about your security.

Is PassCraft Safe to Use?

Yes. PassCraft uses the browser's built-in crypto.getRandomValues() API which is the same cryptographic standard used by security professionals. Your passwords are generated entirely in your browser — no network requests are made, no passwords are logged or stored on any server, and closing the tab permanently removes all generated passwords from memory.

Frequently Asked Questions

Are the generated passwords truly random?

Yes. PassCraft uses crypto.getRandomValues() from the Web Crypto API, which provides cryptographically secure randomness. This is significantly more secure than Math.random() and is suitable for security-sensitive applications.

Does PassCraft store my passwords?

No. Passwords are only kept in your browser's memory for the session history feature. They are never sent to any server, never logged, and are permanently deleted when you close the tab.

What is the "Exclude Ambiguous" option?

This removes characters that look similar in certain fonts — like 0 (zero) and O (letter O), or 1 (one) and l (lowercase L) and I (uppercase I). Useful when passwords will be read and typed manually.

What length password should I use?

For most accounts, 16 characters is an excellent balance of security and manageability. For master passwords or high-security accounts, use 20-32 characters. The longer the better — length is the single most important factor in password strength.

Can I generate passwords without symbols?

Yes. Toggle off the Symbols option. Some older systems don't accept special characters in passwords. PassCraft works with any combination of uppercase, lowercase, numbers, and symbols.

What is the bulk password generator for?

The bulk generator creates multiple unique passwords at once. Useful for provisioning multiple accounts, setting up team credentials, or any situation where you need several strong passwords simultaneously.

How do I safely store my generated passwords?

Use a reputable password manager like Bitwarden (free, open source), 1Password, or LastPass. Never store passwords in plain text files, spreadsheets, or notes apps. Password managers encrypt your vault and auto-fill credentials securely.